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[57] ABSTRACT 

In a networked communications system comprising a client 
unit, a secured host server, and a company subscriber unit, 
a method for providing secured commercial transactions via 
the networked communications system.— The_method 
includes the steps of~prqviding a securedjraiismission patlT 
^yia^the-networked communications' system'between the^ 
client un it an d.the.secured,host server, presenting-the client 
(unit with an order form in which co mmercia l mformatiorTis 
jto be entered via the secured transrmssion path, receiving the 
Icommercial information transmitted jvia, the secured-transj 
^mission path by the~client uiiit~afthe secured host^ervep 
mamtaimng-the^commerci^ 

(dynamic memory of the secured host server, encrypting the 
commercid:MoiTOation-in:respon^ 
^"corMerciaLmform^ion^jerasing the dynamic memory 
of the secured host server in response" to the step 'of encrypt- 
ing the commercial information, and forwarding the 
encrypted commercial information via the communications 
network from the secured host server to the company 
subscriber unit. 

8 Claims, 1 Drawing Sheet 



Transaction 
is made with 
a SSL 
complient 
Browser. 



10 



Client 
Unit 



Mail is 
decripted 
with PGP 
private key, 
transaction 
has been 
received. 



1 4 



MT 



Company 
Subscriber 
Unit 



Unsecure transaction goes 
through a secure channel. 



(E 



■Secure Channel(SSL)- 



Secure email goes through 
unsecure channels. 



Transaction is encripted 
(with PGP public key) in 
memory then sent by 
email to the Company 
Subscriber Unit. 




— 12 



Secured 
Server Unit 



Mail may be left on 
some computers for 
some hours, but it is 
encripted. 



Company 
Mail Provider 
(option al) 



04/05/2004, EAST version: 1.4.1 



U.S. Patent 



Dec. 8, 1998 



5,848,161 



T3 c 
CD ' 

u 

c 

<D o 



CO 



c 
o 

-4—' 

o 
o 

CO 

c 
o 



— (0 
XI 

CL 



CD 



c 
o 

Q_ 

E 

o • 
o ^ 
c 

CD Z) 



CL 
O 
CL 



^ CD 
^ O _Q 
^ — 

o __ o 

C "~ CO 

fc O _Q 

£ E o 



CO — 
<|) 0) 
O c 
cr>c 
o 
c-c 
o o 

(0 u - 

C CD 
D w 

^ D 
CD 

l_ _C 
3 CT> 
O 13 
CD O 
CO 

c jc 



CN 



"O c 
<D Z) 

O CD 
CD > 

CO u - 

CD 
CO 



CO 
00 

*q3 
c 
c 
o 

o 

CD 

D 
O 
<D 
CO 



c 
o 



CD 

CD 
-Q 

D 

E 



CO 



CO ^ 
CD _Q 

Is 

O O 

(j x: 

CL 

CD CD 

E E o 

o o c 

CO CO CD 



CD 



13 
O 

CD 
C 
CO c 
<D o 

Or 
CT> (j 

— CD 
O ^_ 

E 

CD 
CD 

L_ 

=3 
O 
CD 
CO 



CD 

£ > ° 

° o c 

cl z_ o 

O CL 



CD 
O 



CO 



0 L - 

CD 

oo E o 
o ^ 

O O CD 



c 

CD o 
"O Q_ ^ - C 

^ n CD r CD CD 



(0 ■ n 



CO 



CD 



° q> . ^ - o q> 



>n CD 

| '5 

E co 
CO 



o 
o 



04/05/2004, EAST Version: 1.4.1 



5,8< 

1 

METHOD FOR PROVIDING SECURED 
COMMERICAL TRANSACTIONS VIA A 
NETWORKED COMMUNICATIONS SYSTEM 

BACKGROUND OF THE INVENTION 

This invention relates generally to networked communi- 
cations systems and, more particularly, relates to a method 
for providing secured commercial transactions between a 
client unit and a company subscriber unit via a global 
network known as the "Internet". 

Currently, there are three major Secure Electronic Trans- 
action (SET) payment schemes which have been developed 
and implemented. Each of these schemes utilizes cryptog- 
raphy for the purpose of providing confidentiality of 
information, ensuring payment integrity, and authenticating 
both merchants and cardholders. These security criteria are 
provided in hopes of enabling greater bank card acceptance 
combined with a level of security that will encourage 
consumers and businesses to make wide use of bank card 
products in this emerging market. In particular, the three 
SET payment schemes can be classified as follows: payment 
schemes using encrypted data; payment schemes using third 
parties; and payments using digital cash. A brief explanation 
and implementation examples of each payment scheme 
follow. 

Payments Using Encrypted Data 

With this payment scheme, credit card details are 
encrypted before they are transmitted to the merchant. The 
leading protocols used to establish the three security criteria 
above-described arc secured sockets layer "SSL" and Secure 
HTTP "S-HTTP" which have been designed by RSA Data 
Security Inc. for Netscape and Enterprise Integration Tech- 
nologies for NCSA Mosaic respectively. These two proto- 
cols are parallel security protocols. (Recently, a decision was 
announced by Netscape that both of these protocols would 
become integrated since they are deemed complementary.) 
Specifically, SSL provides the encryption necessary to route 
data to the merchants server while the S-HTTP protocol 
provides for security at the server itself. 

In particular, these protocols both use public-key encryp- 
tion to provide secure links. Public-key encryption uses a 
pair of keys whereby messages encoded by one key can only 
be decoded by the other key of that pair, and vice versa. 
Every working party has a unique set of keys where one key 
is kept secret and the other key is made public. This differs 
from secret-key encryption which utilizes one and the same 
key for encoding and decoding. 

By way of example, public -key encryption generally 
works as follows: for authentication, a party encrypts with a 
secret key; verification is provided by decoding using the 
parties public key; and for private communication, the 
sending party encrypts using the other party* s public key. 

For examples of this payment scheme implemented, see 
The Netscape Galleria. 

While this scheme is advantageous since the application 
is transparent to the end-user and it provides enhanced 
security, it nevertheless suffers the disadvantages of relying 
on codes that can be theoretically broken and is costly to 
implement in terms of added equipment and overhead. 
Furthermore, while it is believed that this is the best alter- 
native available to date since the SSL compliant server offers 
the easiest and most transparent solution to consumers, this 
scheme does not address the needs of a remote company 
subscriber. Specifically, this scheme fails to provide a com- 
plete and secure solution for a company subscriber without 
a server on the premises. 
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Payments using third parties 

For payment schemes involving third parties, a company 
collects and approves all payments from one client to 
another. All the information necessary for the transaction is 

5 collected via the Internet except for the confidential credit 
card number data. Specifically, the credit card number data 
is transmitted via a secure telephone line and the information 
is kept on a secure computer that cannot be accessed from 
the Internet. (The third party makes money by charging the 

10 merchant and consumer for services much in the same way 
as conventional credit card companies make money.) 

For an example of this payment scheme implemented, see 
First Virtual, NetChex, and the NetBitl Project. 

While this scheme is simple, safe and highly secure 

15 without requiring the use of complicated encryption 
techniques, there are seen to be a number of disadvantages. 
In particular, this scheme suffers the disadvantages of adding 
the cost of third -party services, allowing spending limits to 
be reached without the knowledge of the consumer since 

20 money is linked to a credit card, and the potential loss of 
privacy since all data is gathered in a centralized system. 
Furthermore, problems utilizing this scheme also result from 
the need to manage shipping costs, backorders, delayed 
shipments, and billing problems arising from the involve- 

25 ment of the third party. 

OPEN MARKETS, offers another alternative for provid- 
ing the merchant with the customer order via a highly 
developed and dedicated secure server. Specifically, credit 
card information is handled by OPEN MARKETS, through 

30 a dedicated "back-end" server hosted by OPEN MARKETS, 
which is linked by dedicated phone lines to a financial 
institution. The credit card information is not processed until 
OPEN MARKETS is notified by the retailer, via regular 
e-mail or phone, that the order has been shipped. At that time 

35 OPEN MARKETS processes the credit card information for 
the retailer. However, this scheme also suffers from many of 
the disadvantageous above-described. 
Payments Using Digital Cash 

This scheme uses a third party as well but differs signifi- 

40 cantly from the previously described third party scheme. In 
the previous third party payment scheme, the third party was 
analogous to the post office. In the digital cash scheme, the 
third party acts as a virtual bank that provides "digital coins'* 
to the consumer. In particular, money is deposited via a 

45 credit card over secure telephone lines or mailed in the form 
of a check to the virtual bank in the same manner as a 
conventional bank account. The consumer can then with- 
draw the digital coins from their Internet bank account and 
store them on the hard drive. When a purchase is made, the 

50 money is withdrawn from the hard drive and transmitted to 
the merchant or another party. Smartcards can also be used 
to store digital coins allowing cash to be carried. The scheme 
of providing security for the digital coins is again RSA 
public-key encryption. 

55 Specifically, when utilizing this scheme to make with- 
drawals from the virtual bank, the consumers PC determines 
the equivalent digital coin amount required by the user and 
produces a random serial number representative of said 
amount. Thereafter, the serial number is "blinded" using 

60 RSA public-key cryptography to insure privacy. The bank 
encodes the serial numbers with its own secret key (digital 
signature) and debits the consumers account. The digital 
coins are then sent back to the user and decoded using the 
banks public key for storage on the consumers PC. To spend 

65 the digital coins, the PC collects the amount of coins 
necessary to reach the requested total value of the transac- 
tion which coins are sent to the receiver. The receiver then 
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sends the coins directly to the digital bank where the bank 
verifies the validity of the digital coins and credits the 
account of the receiver. 

For an example of this payment scheme implemented, see 
CybcrCash, Digicash, and Net Bank. 

While this scheme has the advantages of providing ano- 
nymity for the consumer, quickness, and working much on 
the same familiar principle as cash, this scheme nevertheless 
suffers the disadvantage of being complicated. In addition, 
hardware failure can mean loss of money. As a result, this 
scheme has not gained widespread support from banks and 
merchants. 

A variation to this scheme would be CYBERCASH's 
"wallet" software. CYBER CASH provides a method for 
allowing subscribers on a networked communications sys- 
tem to transfer commercial information to a company sub- 
scriber in a secured manner. In particular, CYBERCASH 
requires a subscriber "wallet" which is a piece of software 
that must be downloaded or otherwise locally installed on 
the subscriber unit before any commercial transactions may 
occur. The subscriber then must utilize the "wallet" software 
to encrypt, specifically PGP encrypt, any information that 
the subscriber wishes to maintain as secure. This encrypted 
information is then transferred to a designated server and 
accordingly forwarded to the company subscriber and 
CYBERCASH for description. The financial institution is 
linked via a dedicated phone line to CYBERCASH. The 
credit card transaction is approved and that data is reen- 
crypted and returned to the subscriber and the company 
subscriber. The basic drawback to this scheme is primarily 
the additional software required by the consumer and a 
complicated back-end system that incorporates a third party, 
CYBERCASH and a bank, plus several back-and-forth 
transactions all resulting in numerous file structures. This 
scheme suffers the further disadvantage of requiring the user 
to have specialized programming resident on the user's 
subscriber unit. 

From the foregoing description of available secured com- 
mercial transaction methods, it is seen that a need exists for 
an improved method of providing secured commercial trans- 
actions via a networked communications system. 

As a result of this existing need, it is an object of the 
present invention to provide a method of providing secured 
commercial transactions via a networked communications 
system in which consumers will have confidence. 

It is a further object of the invention to provide a method 
that is easy, attractive, and transparent to consumers when 
utilized. 

It is yet another object of the present invention to ensure 
that no residue of the commercial transaction is available to 
authorized network subscribers. 

It is still a further object of the present invention to 
provide a service in which company subscribers can receive 
secured commercial information in a cost effective manner. 

SUMMARY OF THE INVENTION 

In accordance with the present invention, a method for 
providing secured commercial transactions in a networked 
communications system comprising a client unit, a secured 
host server, and a company subscriber unit is provided. 
Generally, the method includes the steps of providing a 
secured transmission path via the networked communica- 
tions system between the client unit and the secured host 
server, receiving encrypted commercial information trans- 
milted via the secured transmission path by the client unit at 
the secured host server, reencrypting the once encrypted 
commercial information in response to the step of receiving 
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encrypted commercial information, and forwarding the reen- 
crypted commercial information via the communications 
network from the secured host server to the company 
subscriber unit. 

5 More specifically, the method includes the steps of pro- 
viding a secured transmission path via the networked com- 
munications system between the client unit and the secured 
host server, presenting the client unit with an order form in 
which commercial information is to be entered via the 

10 secured transmission path, receiving the commercial infor- 
mation transmitted via the secured transmission path by the 
client unit at the secured host server, maintaining the com- 
mercial information solely in the dynamic memory of the 
secured host server, encrypting the commercial information 

15 in response to the step of receiving the commercial 
information, erasing the dynamic memory of the secured 
host server in response to the step of encrypting the com- 
mercial information, and forwarding the encrypted commer- 
cial information via the communications network from the 

20 secured host server to the company subscriber unit. 

A better understanding of the objects, advantages, 
features, properties and relationships of the invention will be 
obtained from the following detailed description and accom- 
panying drawing that sets forth an illustrative embodiment 

25 and is indicative of the various ways in which the principles 
of the invention may be employed. 

BRIEF DESCRIPTION OF THE DRAWINGS 

30 For a better understanding of the invention, reference may 
be had to FIG. 1 which illustrates a communications network 
on which the subject invention resides. 

DETAILED DESCRIPTION 

35 With reference to the figures and Appendix A, a method 
for providing secured commercial transactions via a net- 
worked communications system is disclosed. As will be 
readily understood by one skilled in the art, the system on 
which the method resides generally comprises a communi- 

40 cations network, such as the internet, which has attached 
thereto a client unit 10, a secured host server 12, and a 
company subscriber unit 14. The client unit 10 is preferably 
a personal computer equipped with appropriate access soft- 
ware such as MICROSOFT EXPLORER, version 2.0+, and 

45 NETSCAPE NAVIGATOR, version 1.2+. The secured host 
server 12 is preferably a NETSCAPE commerce server that 
utilizes a 128-bit, non-export encryption key that corre- 
sponds to the DES standard (UPS Military grade security). 
The DES keys may be obtained from RSA Data Technolo- 

50 gies. It will also be understood that the product or services 
available to the client will be "advertised" on the commu- 
nications network by a company subscriber making avail- 
able an unsecured HTML document which may be part of a 
local network or remote from the company subscriber unit. 

55 To initiate the ordering of a product or service off the web, 
the client unit first establishes a Secure Sockets Layer (SSL) 
session utilizing the above-mentioned access software 
which transfers the link from an unsecured first server to the 
secured host server. Thereafter, once the two way, secured, 

60 SSL communications link is established between the client 
unit and the secured host server, the client automatically 
authenticates the connection via the entering of predeter- 
mined certificate keys. This authentication code is passed 
and confirmed between the client and the secured host 

65 server. In this manner, any information passed between the 
two devices is transferred in a secure, encrypted manner via 
DES grade encryption. 
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Once the secure connection has been established via the the like. Additionally, at the close of the perl script, it is 

SSL, the secured host server presents the client unit with an preferred that an acknowledgment be automatically gener- 

order form to be displayed thereon, typically created in ated in the form of an unencrypted e-mail and returned to the 

Hypertext Markup Language (HTML), which includes vari- client unit. This acknowledgement should include a copy of 

ous information fields which the user must complete in order 5 the order minus the credit card data and other data the 

to proceed with the commercial transaction. It is contem- company subscriber feels need not be transmitted. While not 

plated that among these various information fields will be a necessary, local copies of the PGP encrypted information 

field that will require the user to enter personal details, credit may also be submitted to a special, unannounced server that 

card information, and a list of the products/services that are is provided as a simple backup. An unannounced server is 

desired. After the pertinent information has been entered 10 equipped with a one-way gate and any information stored 

into the order form, the user causes the information to be therein is inaccessible by third parties connected to the 

transmitted from the client unit to the secured host server. network. 
More specifically, the information entered into the informa- 

tion fields of the order form is sent directly to the port and 0nce the com Pany subscriber has downloaded the PGP 

process currently running on the secured host server via the is encrypted mformation, any residue thereof which may 

g§L reside on the E-mail server will be overwritten during the 

- , . - t normal course of its operation. At this point, an authorized 

In response to the recemt of the mfonmt.on that has been of ^ subscriber will authenticate the PGP 

entered mto the order form by the cheat, the secured host £ d c<n>fl ^ thereafterj take me PGP e led 

server causes the running of a separate sessions program that a *u u ^ *■ 

& . . , , , . . . i ™ information and run it through a decryption program pro- 

takes the information submitted thereto an ^immediately 20 ^ ^ ^ rf ^ hos { ^ £n y 

encryptstt with the company subscriber unit PGP public key. , ; of me PG P secured transaction will be noticeable 

More specifically, the mformation transmitted from the ifl ^ authemication s (See the documents attached t0 

subscriber unit is first and automatically turned into an Appendix A showing the PGP encrypted order (1) and the 

ASCII text format by the software resident on the secured j",„,.j i„ n\ »u a , J ■ 

, . , ' a . ,„ , . . , , ,, „„„ decrypted order (2) noting the date, time, and mvoice 

host server and then piped by a perl script to the PGP 25 & ^ ^ £ ^ (2) and 

program and encrypted. It is preferred that each transaction subscriber ac £ n0 wledgment (3) ). 

spawn its own individual, separate session. Furthermore, 

during the PGP encryption process, the information received The decryption program will require the company sub- 
from the client unit is prevented from being written to disk scriber unit's private key and key phrase to confirm and 
or otherwise stored or transmitted anywhere on the local 30 continue the decryption process. If the appropriate key- 
network to which the secured host server may be attached. generated key code is submitted, the PGP encrypted infor- 
Accordingly, the information received from the client is mation is decrypted and the company subscriber may there - 
processed only in the high or dynamic random access after process the information in its regular course of 
memory (RAM) of the secured host server upon its receipt. business. From the preceding description, it will be apparent 
Once the information has been encrypted utilizing the com- 35 that the invention overcomes the problems associated with 
pany subscriber unit PGP public key, the dynamic memory the prior art in that there is no residual, centralized file 
of the secured host server that contains the information structure which is exposed to attack, the management of 
transmitted via the SSL is erased or otherwise overwritten. billing issues resides with the retail subscriber, the operating 
It will be appreciated by those skilled in the art that this cosls are reduced, and the encryption scheme is transparent 
process of PGP encrypting occurs in nanoseconds. 40 10 the consumer and the retailer. Furthermore, since the 
Accordingly, the information transferred via the SSL from retailer receives the private key while the operator of the 
the client unit to the secured host server never resides on the secured host server maintains the public key, transactions are 
secured host server for any significant duration of time. In even secure from the °P era tor of the secured host server. In 
this manner, the information transferred via the SSL is, for sum ' tne described invention has the advantages of provid- 
all practical purposes, never resident on the communications 45 in 8 a user friendly, user transparent, and highly secure 
network or secured host server where said information method of performing commercial transactions via a corn- 
would be capable of being accessed by a hacker or any other mumcations network. 

unauthorized network user. While specific embodiments of the invention have been 

Once the information has been encrypted utilizing the 5Q described in detail, it will be appreciated by those skilled in 

company subscriber unit PGP public key, the company the art that various modifications and alternatives to those 

subscriber unit is notified of the transaction and the PGP details could be developed in light of the overall teachings 

encrypted information is transferred thereto for processing. of the disclosure. Accordingly, the particular arrangements 

The transfer of the PGP encrypted information is preferably disclosed are meant to be illustrative only and not limiting 

accomplished through sending the PGP encrypted informa- as to the scope of the invention that is to be given the full 

tion to the company subscriber unit via electronic-mail or breadth of the appended claims and any equivalent thereof. 



APPENDIX A 



The following perl script is utilized to encrypt and mail, by 
PGPMAIL, information submitted using a CGI form script. 

#l/usr/b in/perl 

#Gregory Luneau, Greg@Solutions.Net 
#Copyright (c) 1995, 1996 

#Process the input from POST method of the HTML page. 
Sbuffer - <STDIN>; 
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APPENDIX A-continued 



@pairs - split(/&/,$buffcr); 
foreach Spair (@pairs) 

{ 

(Stag, $value) - split(/=/, $pair); 
Svatue =~lr/+//; 

$ value =~s/%([a-fA-F0-9] la-fA-F0-9])/packCC\ hex($l))/eg; 

$FORM{$tag} - Svalue; 

} 

#Teils the PGP program where the public key chain is. 

$ENV{"PGPPATH"} - "/html/company/.pgp/"; 

#This will encript everything sent to PGPMAIL with PGP, 

#and then Mail it to the Company Subscriber Unit with Mail. 

local($pid) »open(PGPMAIL,"|/usr/bin/pgp+batchmodc+verbose =0 -fate 

company |/usr/sb in/Mai I -s* A Transaction from the Net' 

company@unit.com"); 

print PGPMAIL "Name: $FORM{CUENT}\n"; 

print PGPMAIL "Credit Card: $FORM{ccnumber}\n"; 

#. . .more information could be sent from here, ex: expiration date, 

# list of products 3 etc. 

# After this instruction, the whole PGPMAIL process executes and then 

# terminates. 
close(PGPMAIL); 

#Tells the Client unit what happened 

print "Content- type: text/htm]\n\n"; 

print "<HTML><BODYxHl>\n"; 

print "The Transaction has been transmitted securelyAn"; 

print "<mi></BODY></HTML>\n''; 

#Mcmory cleans up happens after the script ends, 



Date. 96-04-23 11:26:50 EDT 

From: http@mail2.digimark.Qet (HTTP User) 

To: kinghilll@aol.com 

BEGIN PGP MESSAGE- 

Version: 2.6 

hEwClnFEqjelEmkBAf92ds4E4vmd40GZUdzb6UvBjIrOU6zn/4DjnsSxokomi4p 

g4FNSDxcCvZ7scoURAov7MFEQ7uow+7b0nmacFpgAAAc01aFyUnfU9L7W2c0qP 

A2Og\VS8Fr45r0AeLq/Mv4FNUkEAArnKiNtabSxhYnYc+xVHjmYlAKZnEEMUoy4aU 

gCNmcn/A Mc3 MDGj ytAF1 XSWXlYFprH9c7CjZ+RvOSbQ5RGjj9AY88YUrnpDYsGekK 

DxA51QLMB5TXKDw7K9mP3bc/vWI5pPdzPrHwxSuoLSI J upECVD7IUqwRSCNmcyxG 

0QoGAF9IIPosTrT7w8H6ksR5 VwLIE VWZ5QTz8/J5983 Aql-I+0Gf+zkM6Za Uh+a 1 ml IC 

Te24eNwXzq/Vc5vgyZBiWwOf5db3nUAg/KnryYmTojBcdNpDi6ZIIeDt3MajI > vPW9 

hBtDsiihRcFKQm01ED76mjvrkvMwUYfll8MqoamJnclbUpPVeL4hpBugTjRznixwA 

cGzjK5IDY2fIDcEAuJ43tbOthrSyX3Y9+Ctar3LR2s8JdB2Qsl+hlAxwlyDWaNdG 

WXI^uIdX6u4sVbZpkiDlIWdn/Dx/0FPL3iPWJmgogKTXb7d4IMTDHuzkBSAaKwL 

fYI4SB10CuHa5MCG72KcND+Ua4wc4zTMChOtrIVuH4kY9Eue5rRgFtDjmBH48nRH 

fbV9yvbDP57sdjZT94k5vg« 

olPdL 

END PGP MESSAGE 



— - -Headers - - 

From http@mail2.digimark.net Tue Apr 23 11:26:36 1996 
Return-Path: http@mail2.digimark.net 

Received: from polyhymnia.digimark.net (polyhymnia.digimark.net [198.77.86.8]) 

by emin22.maU.aol.com (8.6.12/8.6.12) with ESMTP id LAA29954 for 

<kinghiin@aol.com>; Tue, 23 Apr 1996 11:26:35 -0400 

Received: from urania.digimark.net (urania.digimark.net [198.77.86.7]) by 

polyhymnia.digimark.net (8.7.5/8.7.3) with ESMTP id LAA17714 for 

<kinghilll@aol.com>; Tue, 23 Apr 1996 11:26:57 -0400 (EDT) 

Received: (from http@localhost) by urania.digimark.net (8.7.5/8.7.3) id 

LAA10417 for kinghilll@aol.com; Tue, 23 Apr 1996 11:26:30 -0400 (EDT) 

Date: Tue, 23 Apr 1996 11:26:30 -0400 (EDT) 

From: HTTP User <hltp@mail2.digiinark.net> 

Message-Id: <1 99604231 526.LAA10417@urania.digimark.net> 

To: kinghilll@aol.com 

Subject: Invoice to Tom King from King of the Hill 
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APPENDIX A-continued 



4-23-1996 



America Online :Kinghil 11 



Page 1 



Thank you Tom King for Ordering with us. 



Name: 

Address: 

City/Town: 

Province/State: 

Country: 

Postal/Zip Code: 

Telephone: 

Fax: 

Email: 



Tom King 
P.O. Box 304 
Addison 
IL 

USA 

60101-0304 
708-279-5550 
708-279-5572 
ThomasK797@aoI.com 



Credit Card: 
Card Numher: 
Expiriation Date: 



Master Card 

4444 4444 4444 4444 

01/97 



Order Code: 



Short Description: 
#5 Teton Fly Reel 



# of Unit(s): 
1 



Unit Price: 
$175.00 



SubTbtal: $ 175.00 
Freight to All other countries: $ 10.00 
plus Illinois Taxe (6.5%): $ 12.03 
Total: $ 197.03 



Date: 23/4/96 
Time: 11:26 
Invoice: 51 



Date: 96-04-23 11:26:42 EDT 

From: http@mail2.digimark.net (HTTP User) 

To: ThomasK797@aol.com 



Thank you Tom King for Ordering with us. 



You are being billed for the following amount. 



Date: 23/4/96 
Time: 11:26 
Invoice: 51 



From http@mail2.digimark.net Tue Apr 23 11:26:35 1996 
Return-Path : http@mail2.digimark. net 

Received: from polyhymnia.digimark.net (potyhymnia.digimark.net [198.77.86.8]) 

by emin20.mail.aol.com (8.6.12/8.6.12) with ESMTP id LAA23538 for 

<ThomasK797@aoi.com>; Tue, 23 Apr 1996 11:26:35 -0400 

Received: from urania.digimark.net (urania.digimark.net [198.77.86.7]) by 

polyhymnia.digimark.net (8.7.5/8.7.3) with ESMTP id LAI 7712 for 

<ThomasK797@aol.com>; Tue, 23 Apr 1996 11:26:57 -0400 (EDT) 

Received: (from http@localhost) by urania.digimark.net (8.7.5/8.7.3) id 

LAA10416 for lTiomasK797@aol.com; Tue, 23 Apr 1996 11:26:29 -0400 (EDT) 

Date: Tue, 23 Apr 1996 11:26:29 -0400 (EDT) 

From: HTTP User <http@mail2.digimark.net> 

Message-Id: <199604231 526.LAA10416@urania.digimark.net> 

To: ThomasK797@aol.com 

Subject: Invoice to Tom King from King of the Hill 



4-23-1996 America Online :ThomasK797 Page 1 



Total: $ 197.03 
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What is claimed is: 

1. In a networked communications system comprising a 
client unit, a secured host server, and a company subscriber 
unit, a method for providing secured commercial transac- 
tions via the networked communications system comprises 5 
the steps of: 

providing a secured transaction path via the networked 
communications system between the client unit and the 
secured host server; 

receiving encrypted commercial information transmitted 10 
via the secured transmission path by the client unit at 
the secured host server; 

reencrypting substantially all of the once encrypted com- 
mercial information in response to the step of receiving J5 
encrypted commercial information; and 

forwarding the reencrypted commercial information via 
the communications network from the secured host 
server to the company subscriber unit. 

2. The method as recited in claim 1, further comprising 2 o 
the steps of maintaining the encrypted commercial informa- 
tion solely in the dynamic memory of the secured host server 
and erasing the dynamic memory of the secured host server 

in response to the step of reencrypting the encrypted com- 
mercial information. 25 

3. The method as recited in claim 2, wherein the step of 
providing a secured transmission path comprises the step of 
establishing a Secured Sockets Layer (SSL). 

4. The method as recited in claim 1, wherein the step of 
reencrypting substantially all of the once encrypted com- 30 
mercial information further comprises the step of PGP 
encrypting the encrypted commercial information. 

5. The method as recited in claim 3, further comprising 
the step of presenting the client unit with an order form 
having information fields and utilizing the secured sockets 35 
layer to encrypt commercial information entered into the 
information fields. 
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6. In a networked communications system comprising a 
client unit, a secured host server, and a company subscriber 
unit, a method for providing secured commercial transac- 
tions via the networked communications system comprising 
the steps of: 

providing a secured sockets layer transmission path via 

the networked communications system between the 

client unit and the secured host server; 
presenting the client unit with an order form in which 

commercial information is to be entered via the secured 

socket layer transmission path; 
receiving the commercial information transmitted via the 

secured sockets layer transmission path by the client 

unit at the secured host server; 
maintaining the commercial information solely in the 

dynamic memory of the secured host server; 
PGP encrypting the commercial information in response 

to the step of receiving the commercial information; 
erasing the dynamic memory of the secured host server in 

response to the step of PGP encrypting the commercial 

information; and 
forwarding the PGP encrypted commercial information 

via the communications network from the secured host 

server to the company subscriber unit. 

7. The method as recited in claim 6, wherein the step of 
forwarding the PGP encrypted commercial information 
includes the step of: 

utilizing unsecured commercial electronic mail. 

8. The method as recited in claim 1 wherein the step of 
forwarding the re-encrypted commercial information 
includes the step of 

utilizing unsecured commercial electronic mail. 

***** 
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ABSTRACT 



An encrypdoji^ryej^r^ 

( 105),and decrypjtS2(403) -th"e encrypted^s sage usmg^-first 
keyryierding a decrypted_message com prisin g asecond 
encrypted -raessageT(i05A)ran-identificadon"of"a^sender of 
the first encrypted message, and an identification of a first 
reripientThe-second-enctyptejd : m^ 
of the^e^der7and lthe Identification of the first recipient are 
determined (405) fronvthe deaypted:messagerJrhe:second 
encrypted message and the identification of the sender are 
encrypted (409) with a second key. yielding a third 
encrypted message (109). The third encrypted message 
(109) is transmitted to the first recipient 

34 Claims, 4 Drawing Sheets 
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USE OF AN ENCRYPTION SERVER FOR 
ENCRYPTING MESSAGES 

FIELD OF THE INVENTION 

This invention relates to communication systems, includ- 
ing but not limited to encrypted communication systems. 

BACKGROUND OF THE INVENTION 

Encrypted voice and data communication systems are 
well known. Many of these systems provide secure com- 
munications between two or more users by sharing one or 
more pieces of information between the users, which per- 
mits only those users knowing that information to properly 
decrypt the message. This information is known as the 
encryption key, or key for short Encryption keys may be 
private keys, where a single key is utilized for encryption 
and decryption, or public keys, where multiple keys are 
utilized for encryption and decryption. 

Methods of encrypting using public-key encryption are 
well known in the art Typically, a public-key encryption is 
a method of encryption by which a single message is 
encrypted using a sender's private key and then a recipient's 
public key. The recipient then decrypts the message using 
the recipient's private key and then the sender's public key. 
Typically, public keys are 512 bits long, although some 
public keys have as few as 256 bits. Some encryption 
experts recommend using 1024-bit keys. Because the com- 
putational power required to break a key increases expo- 
nentially with the length of the key, longer keys provide 
more security. In addition, because two keys are needed to 
decrypt a message, two longer keys are more difficult to 
decrypt if neither key is known. 

Today, secure communication systems are used to trans- 
mit data in an encrypted fashion. If a user wishes to send the 
same message to five different recipients, the user must 
encrypt the message five different times, each time using the 
public key of a different recipient for the message. The user 
then transmits the rive messages to the five recipients. Such 
a process, however, is troublesome when the user wishes to 
transmit to, for example, 100 or more recipients. In this 
instance, the user must encrypt each message individually 
100 or more times, one for each recipient. If the user has a 
portable communication device, such as a laptop computer, 
the user's battery may run out of power before encryption 
and transmission of each message has occurred. In addition, 
the encryption and transmission process can consume a lot 
of time and processing power for the portable device, 
rendering the portable device unavailable for other activities 
by the user during the encryption and transmission time 
period. Thus, such transmissions would be impractical for 
portable users. 

Accordingly, there is a need for a method of transmitting 
encrypted data messages to multiple users without resulting 
in a time or power barrier to the user's communication 
device. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram of a communication system 
having an encryption server in accordance with the inven- 
tion. 

FIG. 2 is a block diagram of an encryption server in 
accordance with the invention. 

FIG. 3 is a flowchart showing a method of transmission of 
a digital data message to an encryption server in accordance 
with the invention. 
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FIG. 4 is a flowchart showing a method of transmission of 
an encrypted message by an encryption server in accordance 
with the invention. 

DESCRIPTION OF A PREFERRED 
EMBODIMENT 

The following describes an apparatus for and method of 
using an encryption server for encrypting messages. Mes- 
sages are encrypted twice, once with the sender's private key 
and then with an encryption server's public key before 
transmission of the messages to the encryption server. The 
encryption server decrypts received messages with the 
encryption server's private key. yielding an encrypted 
message, a user identification (ID), and one or more recipi- 
ent IDs. The encryption server encrypts the encrypted mes- 
sage and the user ID individually with each of the recipient's 
public keys and transmits the resultant message(s) to the 
appropriate recipient Each recipient decrypts the messages 
using the recipient's private key and the sender's public key. 
A secure communication system is thereby provided, 
wherein portable communication devices are neither tied up 
nor drained of power because the device's user wishes to 
send a single encrypted message to multiple recipients. 

A method of using an encryption server for encrypting 
messages comprises the steps of, at a communication unit 
operated by a user generating a digital data message. The 
digital data message is encrypted using a first key, yielding 
a first encrypted message. An identification of the user and 
an identification of a first recipient are appended to the first 
encrypted message, yielding an appended first encrypted 
message. The appended first encrypted message is encrypted 
using a second key. yielding a second encrypted message. 
The second encrypted message is transmitted to an encryp- 
tion server. At the encryption server, the second encrypted 
message is received. The second encrypted message is 
decrypted using a third key, yielding the appended first 
encrypted message. The first encrypted message, the iden- 
tification of the user, and the identification of the first 
recipient are determined from the appended first encrypted 
message. The first encrypted message and the identification 
of the user are encrypted with a fourth key. yielding a third 
encrypted message. The third encrypted message is trans- 
mitted to the first recipient. In the preferred embodiment the 
first key is a private key associated with the user, the second 
key is a public key associated with the encryption server, the 
third key is a private key associated with the encryption 
server, and the fourth key is a public key associated with the 
first recipient Alternatively, the second key and the third key 
may be identical. The transmitting steps may be performed 
over wireless communication resources, such as radio fre- 
quency communication resources, or wireline communica- 
tion resources, such as standard telephone lines or fiber optic 
cable. 

In addition, the step of appending may further comprise 
the step of appending an identification of a second recipient 
to the first encrypted message, thereby yielding the 
appended first encrypted message. In this case, the method 
further comprises the steps of encrypting, by the encryption 
server, the first encrypted message and the identification of 
the user with a fifth key. yielding a fourth encrypted 
message, and transmitting the fourth encrypted message to 
the second recipient In the preferred embodiment, the fifth 
key is a public key associated with the second recipient 
Alternatively, the step of appending may comprise the step 
of appending three or more identifications of recipients to 
the first encrypted message, thereby yielding the appended 
first encrypted message. 
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A block diagram of a communication system having an 
encryption server is shown in FIG. 1. An encryption server 
101 is shown at the center of FIG. 1. Further details of the 
encryption server 101 are shown in FIG. 2 described below. 
A user of a first communication unit 103 utilizes the first 5 
communication unit 103 to generate an digital data message 
that is encrypted in two stages in the preferred embodiment 
In the first stage, the digital data message is encrypted using 
a first key. which is the user's private key in the pref erred 
embodiment. The result of this encryption is a first-stage 1( 
encrypted message. (In an alternate cmbcxiiment the digital 
data message is not encrypted using the first key.) The user's 
identification (ID) and one or more recipient IDs are 
appended to the first-stage encrypted message, yielding an 
appended message. The appended message is encrypted 1; 
using a second key, yielding a second-stage encrypted 
message 105. In the pref erred embodiment, the second key 
is the public key associated with the encryption server 101. 
The communication unit transmits the second-stage 
encrypted message 105 to the encryption server via a 2( 
wireless communication link to a wireless communication 
device 107. such as a radio frequency (RF) base station, 
repeater, or radio, or infrared communication device. The 
second- stage encrypted message 105 is conveyed by the 
wireless communication device 107 to the encryption server 2 
101. 

The encryption server 101 decrypts the second-stage 
encrypted message 105 using an appropriate key. In the 
preferred embodiment, the appropriate key is the encryption 
server's private key. The encryption server 101 then deter- ^ 
mines the user's ID from the decrypted message and also 
determines the IDs of all recipients that the user indicated as 
intended targets of the first-stage encrypted message. The 
encryption server 101 then encrypts the user's ID along with 
the first-stage encrypted message by encrypting with the 3 
public key of the first recipient The resultant message 109 
is transmitted to the first recipient, who utilizes communi- 
cation unit 111. The encryption server then encrypts the 
first-stage encrypted message along with the user's ID by 
encrypting with the public key of the second recipient and 4 
transmitting the resultant encrypted message 113 to the 
second recipient who utilizes communication unit 115. This 
process continues until the encryption server reaches the last 
recipient ID on the user's list and encrypts the first-stage 
encrypted message along with the user's ID by encrypting A 
with die public key of the last recipient and transmitting the 
resultant encrypted message 117 to the last recipient who 
utilizes communication unit 119. 

The encryption server 101 may also receive user requests 
for encryption from wireline communication devices 121 via « 
wireline channels. As with the wireless transmission, the 
encryption server decrypts the received message 123 using 
the private key of the encryption server, then encrypts the 
resultant message individually for each different recipient 
using the appropriate recipient's individual public key. : 
These recipients may be wireline devices 127 and 131. 
which receive the messages 125 and 129 via wireline 
communication channels. 

The above examples describe RF to RF transmission and 
wireline to wireline transmission of encrypted messages, i 
Nevertheless, the method of the present invention is equally 
successful if a wireline device 121 requests transmission to 
wireless communication units 111. 115, and 119. Similarly, 
a wireless communication unit 103 may request transmis- 
sion from the encryption server 101 to wireline communi- 
cation devices 127 and 131. In addition, the recipients may 
be a combination of both wireless and wireline communi- 
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cation units 111. 115. 119. 127, and 131. regardless of 
whether the sender uses a wireless communication unit 103 
or a wireline communication device 121. 

Upon receipt of the encrypted message from the encryp- 
tion server, each recipient decrypts the message with the 
recipient's own private key, and after determining the user's 
ID. decrypts the resultant message with the user's public 
key, thereby yielding the original digital data message. The 
user is also referred to as the sender of the (second- stage) 
encrypted message 105. 

A block diagram of an encryption server 101. including its 
input signals 105 and output signals 109. 113, 125. and 117. 
is shown in FIG. 2. In the preferred embodiment the 
encryption server 101 is a Sun SparcServer2000 in a mul- 
tiprocessor configuration, available from Sun Microsystems. 
The encryption server 101 comprises one or more processors 
201. such as microprocessors or digital signal processors, as 
are well known in the art The processors 201 have access to 
encryption and decryption algorithm^) 203. a public key 
data base 205. and memory 211. The encryption/decryption 
algorithms 203 include public key algorithms, private 
algorithms, and other algorithms as may be used in the art. 
The public key data base 205 includes a list of IDs. as used 
by senders (users) and recipients, and the public keys 
associated with each of these IDs. The memory 211 includes 
programming and other data as is necessary to provide 
functionality as described herein for the encryption server 
101. A receive block for wireline and wireless communica- 
tions 207 and a transmit block for wireline and wireless 
communications 209 are also connected to the processors 
201. The receive block for wireline and wireless communi- 
cations 207 performs appropriate demodulation techniques 
on received messages 105 and 123. The transmit block for 
wireline and wireless communications 209 performs appro- 
priate modulation techniques on messages 109, 113, 124. 
and 117 to be transmitted. In addition, the encryption server 
101 may be equipped with hardware and/or software to 
provide the encryption server 101 with over-the-air-rekeying 
capabilities. 

As shown in FIG. 2, a user message 105 comprises a 
second-stage encrypted (encrypted using the encryption 
server's public key) message comprising the digital data 
message 105A. first-stage encrypted with the user's 
(sender's) private key, in addition to the user ID and a 
number of recipient IDs. Alternatively, the user message 105 
may comprise an unencrypted digital data message 105A, 
the user ID, and one or more recipient IDs. The user message 
105 is input to the receive wireline/wireless block 207, the 
output of which is input to the processors) 201. The 
processors) 201 utilize(s) the encryption/decryption 
algorithm^) 203 and the public key data base 205 to decrypt 
the message 105 using the private key of the encryption 
server. The processors) 201 then determine^) the first-stage 
encrypted message 105A. the user ID, and the first recipient 
ID from the decrypted message. The processor(s) 201 then 
detcrmine(s) the first recipient's public key from public key 
data base 205. and the encrypt the first-stage encrypted 
message 105A and the user ID by using the encryption/ 
decryption algorithms 203 and the first recipient's public 
) key. The processor(s) 201 then append(s) the first recipient 
ID, thereby yielding a message 109 that is sent to the 
transmit wireline/wireless block 209 for transmitting to the 
first recipient's communication unit 111, as shown in FIG. 1. 
A similar process is performed on the first-stage encrypted 
65 message (or unencrypted digital data message) 105A and the 
user ID for each of the recipients listed in the user's message 
105. 
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In an alternate embodiment, the encryption server 101 
may be physically distributed as one or more encryption 
servers. In this embodiment, the encryption server 101 
encrypts the message using a second set of private and 
public keys associated with a second server. The message so 
encrypted is transmitted to the second encryption server. The 
second server decrypts the message and then encrypts the 
message using the public key(s) of the recipients). When 
traffic is heavy, the encryption server 101 may optimize its 
efficiency by determining the computation required to trans- 
mit directly to each recipient or transmit the request to one 
or more distributed servers. This process is transparent to the 
user. 

The flowchart of FIG. 3 shows a method for use by a 
communication unit in transmitting a digital data message to 
an encryption server 101. At step 301, a digital data message 
is generated. If at step 303 the digital data message is not to 
be encrypted, the process continues with step 307. If at step 
303 the digital data message is to be encrypted, the process 
continues with step 305. where the digital data message is 
encrypted using the private-key of the user who wishes to 
communicate the message. At step 307. it is determined if 
the IDs of the user and/or recipients) are to be encrypted. If 
the IDs are to be encrypted, the process continues with step 
309. where the user ID and recipient ED(s) are appended to 
the encrypted message from step 305 or the unencrypted 
message from step 301 if no encryption took place. At step 
311, the message from step 309. including the appended IDs, 
is encrypted using the public key of the encryption server 
101. The process continues with step 317. where the 
encrypted message is transmitted to the encryption server 
101. If at step 307 the IDs are not to be encrypted, the 
process continues with step 313, where the encrypted mes- 
sage of step 305 (or the unencrypted message from step 301 
if no encryption took place) is encrypted with the public key 
of the encryption server 101. At step 315, the user ID and 
recipient ID($) are appended to the encrypted message of 
step 313. and the process continues with step 317. 

In an alternative embodiment i.e., when the digital data 
message is not to be encrypted at step 303 of FIG. 3. the 
sender or user may decrypt the digital data message and if 
desired, the recipient IDs only once, using the encryption 
server* s public key. The encryption server then decrypts the 
message using the encryption server's private key, and 
encrypts the message individually for each of the recipients 
with the recipient's public key. The recipient then decrypts 
the message using only the recipient's private key. This 
method requires the user to locally store only one public key. 
the key of the encryption server. With this method, a single 
symmetrical key may be used to encrypt and decrypt the 
messages between the user and the encryption server 101, 
and one or more keys may be used to encrypt the messages 
between the encryption server and the recipient. 
Nevertheless, for better security, the encryption server 101 
engaged in this embodiment should be a physically secured, 
e.g.. locked away with limited access, because unencrypted 
information is present inside the encryption server 101. An 
advantage of such a system includes enabling law enforce- 
ment officials the ability to read the decrypted message as 
available in the encryption server 101. 

The flowchart of FIG. 4 shows the method performed by 
the encryption server 101 in accordance with the present 
invention. At step 401, the encryption server receives the 
encrypted message transmitted by the communication unit 
103. At step 403, the encryption server decrypts the message 
received at step 401 with the private key of the encryption 
server 101. At step 405, the encryption server determines the 



6 

user ID, the recipient ID(s). and the encrypted (generated at 
step 305 of FIG. 3) or unencrypted (generated at step 301 of 
FIG. 3) data message. In an alternate embodiment, the 
encryption server 101 may be equipped with the appropriate 
5 keys to decrypt the digital data message 105 A (when the 
message 105A is encrypted) so that law enforcement agen- 
cies may have full access to all information transmitted in 
the system. 

At step 407. it is determined if the IDs (i.e.. the user ID 

10 and/or recipient ID(s)) are to be encrypted before transmis- 
sion. If the IDs are to be encrypted, the process continues 
with step 409, where the encryption server encrypts the 
encrypted data message along with the user ED. and the 
recipient's ID if desired, with the recipient's public key. At 

15 step 411, the encryption server transmits the encrypted 
message to the recipient whose public key was used at step 
409. If at step 413 there are more recipients identified by the 
user to which the encryption server has not yet encrypted 
and transmitted the message, the process continues with step 

2° 407. If there are no more recipients at step 413, the process 
ends. If at step 407, the IDs are not to be encrypted, the 
process continues with step 415. where the encrypted data 
message is encrypted with the recipient' s public key. and the 
user ID and the recipient's ID are appended to that encrypted 

25 message without further encryption, and the process contin- 
ues with step 411. 

Optionally, all messages may be encrypted at one time, 
and then transmitted in succession at one time, rather than 
encrypting a first message with one public key, then trans- 

30 mitring the encrypted first message right away, then encrypt- 
ing a second message using another public key. and trans- 
mitting the encrypted second message immediately, and so 
forth. 

35 The above text and associated drawings describe a 
method using public-key encryption. Private-key 
encryption, where the same key is used to encrypt and 
decrypt a message, may also be used. For example, the key 
used to encrypt the message send to the encryption server 

M may be the same or identical key used to decrypt the 
encrypted message at the encryption server. In addition, the 
encryption method employed by the user to encrypt the 
original digital data message 105A may also be private-key 
encryption, rather than public-key encryption. In addition, a 

45 different encryption algorithm may be utilized for the user's 
first stage of encryption than for the user's second stage of 
encryption, the result of which is transmitted to the encryp- 
tion server. 

In the above manner, the encryption server encrypts the 
50 user's data message individually for each different recipient 
using that particular recipient's public key. The encryption 
server has more computing resources available to it than an 
individual communication unit, and can encrypt and trans- 
mit a message multiple times to many different users in a 
55 more efficient manner than can an individual communication 
unit. Individual communication units need not store all 
possible recipient's public keys, but instead need store only 
the encryption server's public key. Encryption of the recipi- 
ent's ID(s) helps to secure the identity of the recipients) and 
60 eliminates a source of information for traffic analysis by 
undesired readers/interceptors of such information. 
What is claimed is: 
1. A method comprising the steps of: 
at a communication unit operated by a user: 
65 generating a digital data message; 

encrypting the digital data message using a first key. 
yielding a first encrypted message; 
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appending an identification of the user and an identi- 
fication of a first recipient to the first encrypted 
message, yielding an appended first encrypted mes- 
sage; 

encrypting the appended first encrypted message using 
a second key, yielding a second encrypted message; 
transmitting the second encrypted message to an 

encryption server; 
at the encryption server: 
receiving the second encrypted message; 
decrypting the second encrypted message using a 
third key, yielding the appended first encrypted 
message; 

determining the first encrypted message, the identi- 
fication of the user, and the identification of the 
first recipient from the appended first encrypted 
message; 

encrypting the first encrypted message and the iden- 
tification of the user with a fourth key, yielding a 
third encrypted message; 

transmitting the third encrypted message to the first 
recipient 

2. The method of claim 1, wherein the step of appending 
further comprises the step of appending an identification of 
a second recipient to the first encrypted message, thereby 
yielding the appended first encrypted message. 

3. The method of claim 2, further comprising the steps of 
encrypting, by the encryption server, the first encrypted 
message and the identification of the user with a fifth key, 
yielding a fourth encrypted message, and transmitting the 
fourth encrypted message to the second recipient. 

4. The method of claim 3, wherein the fifth key is a public 
key associated with the second recipient, 

5. The method of claim 1, wherein the first key is a private 
key associated with the user. 

6. The method of claim 1, wherein the second key is a 
public key associated with the encryption server. 

7. The method of claim 1, wherein the third key is a 
private key associated with the encryption server. 

8. The method of claim 1, wherein the fourth key is a 
public key associated with the first recipient 

9. The method of claim 1, wherein the second key and the 
third key are identical. 

10. The method of claim 1. wherein the step of appending 
further comprises the step of appending three or more 
identifications of recipients to the first encrypted message. 45 
thereby yielding the appended first encrypted message. 

11. The method of claim 1, wherein the steps of trans- 
mitting are performed over radio frequency communication 
resources. 

12. A method comprising the steps of: 
at a communication unit operated by a user: 

generating a digital data message; 

encrypting the digital data message using a first key. 
yielding a first encrypted message; 

appending an identification of the user and an identi- 
fication of a first recipient to the first encrypted 
message, yielding an appended first encrypted mes- 
sage; 

encrypting the appended first encrypted message using 
a second key, yielding a second encrypted message; 

transmitting the second encrypted message to the 
encryption server, wherein the encryption server is 
not the first recipient 

13. The method of claim 12, wherein the first key is a 
private key associated with the user. 

14. The method of claim 13. wherein the second key is a 
public key associated with the encryption server. 



15. The method of claim 12, wherein the step of append- 
ing further comprises the step of appending an identification 
of a second recipient to the first encrypted message, thereby 
yielding the appended first encrypted message. 

16. A method comprising the steps of: 
at an encryption server: 

receiving a first encrypted message; 
decrypting the encrypted message using a first key. 
yielding a decrypted message comprising a second 
encrypted message, an identification of a sender of 
the first encrypted message, and an identification of 
a first recipient; 
determining the second encrypted message, the identi- 
fication of the sender, and the identification of the 
first recipient from the decrypted message; 
encrypting the second encrypted message and the iden- 
tification of the sender with a second key. yielding a 
third encrypted message; 
transmitting the third encrypted message to the first 
recipient. 

17. The method of claim 16, wherein the first key is a 
private key associated with the encryption server. 

18. The method of claim 16. wherein the second key is a 
public key associated with the first recipient. 

19. The method of claim 16, further comprising, when a 
second identification of a second recipient is part of the 
decrypted message, the steps of encrypting, by the encryp- 
tion server, the second encrypted message and the identifi- 
cation of the sender with a third key. yielding a fourth 
encrypted message, and transmitting the fourth encrypted 

30 message to the second recipient. 

20. The method of claim 19, wherein the third key is a 
public key associated with the second recipient. 

21. A method comprising the steps of: 
at a communication unit operated by a user: 

generating a digital data message; 
encrypting the digital data message using a private key 
associated with the user, yielding a first encrypted 
message; 

appending an identification of the user, a first identifi- 
cation of a first recipient, and a second identification 
of a second recipient to the first encrypted message, 
yielding an appended first encrypted message; 
encrypting the appended first encrypted message using 
a public key associated with an encryption server, 
yielding a second encrypted message; 
transmitting the second encrypted message to the 

encryption server; 
at an encryption server: 
receiving the second encrypted message; 
decrypting the second encrypted message using a 
private key associated with the encryption server, 
yielding the appended first encrypted message; 
determining the first encrypted message, the identi- 
fication of the user, the identification of the first 
recipient, and the second identification of the 
second recipient from the appended first encrypted 
message; 

encrypting the first encrypted message and the iden- 
tification of the user with a first public key asso- 
ciated with the first recipient yielding a third 
encrypted message; 
transmitting the third encrypted message to the first 
recipient; 

encrypting the first encrypted message and the iden- 
tification of the user with a second public key 
associated with the second recipient yielding a 
fourth encrypted message; 
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transmitting the fourth encrypted message to the 
second recipient. 

22. A method comprising the steps of: 

at a communication unit operated by a user: 
generating a digital data message; 5 
encrypting the digital data message using a first key. 

yielding a first encrypted message; 
encrypting the first encrypted message using a second 

key, yielding a second encrypted message; 
appending an identification of the user and an identi- 10 

fication of a first recipient to the second encrypted 

message, yielding an appended second encrypted 

message; 

transmitting the appended second encrypted message to 

the encryption server; 15 
at the encryption server: 
receiving the appended second encrypted message; 
deterrnining the second encrypted message, the iden- 
tification of the user, and the identification of the 
first recipient from the appended second encrypted 20 
message; 

decrypting the second encrypted message using a 
third key. yielding the first encrypted message; 

encrypting the first encrypted message with a fourth 
key. yielding a third encrypted message; 25 

transmitting the third encrypted message to the first 
recipient 

23. The method of claim 22. wherein the step of append- 
ing further comprises the step of appending an identification 

of a second recipient to the second encrypted message. 30 
thereby yielding the appended second encrypted message. 

24. The method of claim 23. further comprising the steps 
of encrypting, by the encryption server, the first encrypted 
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message and the identification of the user with a fifth key. 
yielding a fourth encrypted message, and transmitting the 
fourth encrypted message to the second recipient. 

25. The method of claim 24. wherein the fifth key is a 
public key associated with the second recipient. 

26. The method of claim 24. wherein the identification of 
the user is appended to the fourth encrypted message before 
transmitting takes place at the encryption server. 

27. The method of claim 22. wherein the first key is a 
private key associated with the user. 

28. The method of claim 22. wherein the second key is a 
public key associated with the encryption server. 

29. The method of claim 22. wherein the third key is a 
private key associated with the encryption server. 

30. The method of claim 22. wherein the fourth key is a 
public key associated with the first recipient. 

31. The method of claim 22. wherein the identification of 
the user is encrypted using the second key before the step of 
appending. 

32. The method of claim 22, wherein the identification of 
the user is appended to the first encrypted message before 
encrypting takes place at the encryption server. 

33. The method of claim 22, wherein the step of append- 
ing further comprises the step of appending three or more 
identifications of recipients to the second encrypted 
message, thereby yielding the appended first encrypted 
message. 

34. The method of claim 22, wherein the steps of trans- 
mitting are performed over radio frequency communication 
resources. 
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